
Hostname configuration

Ciscoasa(config)# hostname ASA-HYD

WAN interface configuration with static IP address

Ciscoasa(config)# int g1/0

Ciscoasa(config-if)# ip address 1.1.1.1 255.255.255.0

Ciscoasa(config-if)# nameif WAN

Ciscoasa(config-if)# security-level 0

Ciscoasa(config-if)# no shut

WAN interface configuration with DHCP (broadband connection)

Ciscoasa(config)# int g0/1

Ciscoasa(config-if)# ip address dhcp setroute


Static route configuration

Ciscoasa(config)# route WAN 0.0.0.0 0.0.0.0 1.1.1.2

Enable Telnet

Enabling SSH

Ciscoasa(config)# domain-name dhoom.com

Ciscoasa(config)# crypto key generate rsa

Ciscoasa(config)# username user1 password user1

Ciscoasa(config)# aaa authentication ssh console LOCAL

Ciscoasa(config)# ssh 192.168.2.0 255.255.255.0 LAN

LAN interface configuration

Ciscoasa(config)# int g0/0

Ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0

Ciscoasa(config-if)# nameif LAN

Ciscoasa(config-if)# security-level 100

Ciscoasa(config-if)# no shut

Allowing ping (ICMP) over the WAN interface

ICMP inspection must be added to the default policy-map global_policy.

Ciscoasa(config)# policy-map global_policy

Ciscoasa(config-pmap)# class inspection_default

Ciscoasa(config-pmap-c)# inspect icmp

Ciscoasa(config-pmap-c)# exit


Creating access policies to allow HTTP services

Ciscoasa(config)# access-list access_policy permit tcp 192.168.2.0 255.255.255.0 any eq 80

Ciscoasa(config)# access-list access_policy permit udp 192.168.2.0 255.255.255.0 any eq 53

Ciscoasa(config)# access-group access_policy in interface LAN

Blocking Telnet and allowing all other services for LAN users

Ciscoasa(config)# access-list test deny tcp 192.168.2.0 255.255.255.0 any eq 23

Ciscoasa(config)# access-list test permit ip any any

Ciscoasa(config)# access-group test in interface LAN

Ciscoasa(config)# wr

Ciscoasa(config)# exit
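
The route, ssh and access-group commands above refer to interfaces and ACLs by name, and an interface holds one ACL per direction. The Python check below is an added example, not part of the original notes: it scans a saved configuration for references to names that were never defined and for a second access-group on the same interface and direction. The sample configuration and the function name audit_asa_config are constructed for illustration.

```python
import re

# Constructed sample: a saved configuration with the kinds of naming slips
# that are easy to make when typing these commands by hand.
SAMPLE_CONFIG = """\
interface g1/0
 nameif WAN
interface g0/0
 nameif LAN
route outside 0.0.0.0 0.0.0.0 1.1.1.2
ssh 192.168.2.0 255.255.255.0 LAN
access-list access_policy permit tcp 192.168.2.0 255.255.255.0 any eq 80
access-list access_policy permit udp 192.168.2.0 255.255.255.0 any eq 53
access-group access-policy in interface LAN
access-list test deny tcp 192.168.2.0 255.255.255.0 any eq 23
access-list test permit ip any any
access-group test in interface LAN
"""

def audit_asa_config(text):
    """Return findings for dangling names and duplicate ACL bindings."""
    nameifs, acls, bound, findings = set(), set(), {}, []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    # Pass 1: collect every interface name and ACL name that is defined.
    for line in lines:
        if m := re.match(r"nameif (\S+)", line):
            nameifs.add(m.group(1))
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
    # Pass 2: check every reference against those definitions.
    for line in lines:
        if m := re.match(r"access-group (\S+) (in|out) interface (\S+)", line):
            acl, direction, ifname = m.groups()
            if acl not in acls:
                findings.append(f"undefined ACL '{acl}': {line}")
            if ifname not in nameifs:
                findings.append(f"undefined interface '{ifname}': {line}")
            # One ACL per interface and direction: a later binding displaces the earlier one.
            if (ifname, direction) in bound:
                findings.append(f"'{acl}' displaces '{bound[(ifname, direction)]}' on {ifname} {direction}")
            bound[(ifname, direction)] = acl
        elif m := re.match(r"(?:route|ssh \d\S+ \d\S+) (\S+)", line):
            if m.group(1) not in nameifs:
                findings.append(f"undefined interface '{m.group(1)}': {line}")
    return findings

if __name__ == "__main__":
    for finding in audit_asa_config(SAMPLE_CONFIG):
        print(finding)
```
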

OBJECTS:

Ciscoasa(config)# object network shaik-pc

Ciscoasa(config-network-object)# host 192.168.2.10

Ciscoasa(config-network-object)# exit

Creating an object using an IP range

Ciscoasa(config)# object network test_range

Ciscoasa(config-network-object)# range 192.168.2.10 192.168.2.20

Ciscoasa(config-network-object)# exit

Creating an object for Lan_Network

Ciscoasa(config)# object network Lan_Network

Ciscoasa(config-network-object)# subnet 192.168.2.0 255.255.255.0

Ciscoasa(config-network-object)# exit


Creating service objects

Ciscoasa(config)# object service RDP

Ciscoasa(config-service-object)# service tcp destination eq 3389

Creating Object Groups


ACLS
Configuring dynamic nat

Ciscoasa(config)# object network public_pool

Ciscoasa(config-network-object)# range 1.1.1.10 1.1.1.20

Ciscoasa(config-network-object)# exit

Ciscoasa(config)# object network Lan_net

Ciscoasa(config-network-object)# subnet 192.168.1.0 255.255.255.0

Ciscoasa(config-network-object)# nat (LAN,WAN) dynamic public_pool

Ciscoasa(config)#
